As Ghana is pushing for a cash-lite society, there is the need to achieve best practice standards to ensure confidence in the use of electronic payment systems, Archie Hesse, CEO of Ghana Interbank Payment and Settlement System (GHIPSS), has said.
“If you are moving from the usage of cash to electronic payment in the absence of these standards and fraudsters attack the system, there will be a loss of confidence. So we have to be mindful and ensure that the whole ecosystem, all banks actually, embrace these standards,” he said.
Mr Hesse was speaking at a breakfast forum, in Accra, organised by Digital Jewels, an ICT governance, risk and compliance firm that focuses on information security, risk and compliance and capacity building along the information value chain.
Statistics at the Bank of Ghana (BoG) indicates that electronic fraud constitutes more than 80 per cent of all complaints that are reported at its Consumer Reporting Unit.
He stressed on the need for all banks, international institutions and merchants, among others, to achieve accreditation of global best practice standards to make electronic fraud non-existence.
Some of the standards are the Payment Card Industry Data Security Standard (PCIDSS) and the global Information Security Management Systems standard (ISO27001), which plays significant role in instiling confidence in the use of electronic payment systems.
Mr Hesse was speaking from an informed perspective given that GHIPPS is already certified to the ISO27001 standard and is looking to achieve the PCIDSS standard.
His comments were also timely given the BoG’s recent ultimatum to all banks to attain compliance to PCIDSS and ISO8583 with regard to the acceptance of payment cards, and storage, processing, and/or transmission of cardholder data.
With the BoG directing all commercial banks to put in place measures to curb electronic fraud, a number of banks are in the process of adopting chip and PIN systems of authentication to replace existing Magnetic Stripe cards.
Chief Executive Officer of Digital Jewels, Adedoyin Odunfa, called for massive public education to make sure that people are aware of the exposures and the necessary precautions they can take.
She urged organisations to apply an approach that included an adoption of best practice standards, saying that, “instead of re-inventing the wheel, organisations should look to adopt global best practice standards to put in place effective counter measures to improve their own security posture.”
The CEO advised the Ghanaian community to take standards like PCIDSS and ISO27001 seriously “because they cannot really afford not to.”
She said government and institutions must take a holistic view to security, which involves a focus on processes, people and technology.
Abiola Bawuah, Chief Executive Officer of United Bank for Africa (UBA) Ghana said banks need to constantly be a step ahead of electronic fraudsters in order to retain the trust of customers.
According to her, data is the most important commodity in today’s world of online and internet banking, and thus, banks must do everything they can to protect customers’ data.
“Protection of data should be the number one priority of banks. Whatever the cost is in protecting this data, it is worth the expenditure because it is much costlier losing it to fraudsters,” she said.
“Electronic fraudsters are always seeking cardholder data. By obtaining the primary account number and other sensitive authentication data, a fraudster can impersonate the cardholder, use the card, and steal the cardholder’s identity.
“The breach or theft of cardholder data affects the entire payment card ecosystem. Customers suddenly lose trust in merchants or financial institutions with them losing credibility (and in turn, business), while also facing numerous financial liabilities,” she added.